1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

created "passdb.c" which is an interface point to (at present) either

smbpasswd or ldap passwd, at compile-time (-DUSE_LDAP).

_none_ of the functions in ldap.c or smbpass.c should be called directly:
only those in passdb.c should be used.

-DUSE_LDAP is unlikely to compile at the moment.
This commit is contained in:
Luke Leighton 0001-01-01 00:00:00 +00:00
parent dfdc9b0b1e
commit 57b01ad4ff
12 changed files with 334 additions and 140 deletions

View File

@ -36,12 +36,12 @@ BOOL chat_with_program(char *passwordprogram,char *name,char *chatsequence, BOOL
BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root);
BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root);
BOOL check_lanman_password(char *user, unsigned char *pass1,
unsigned char *pass2, struct smb_passwd **psmbpw);
BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsigned char *pass2);
unsigned char *pass2, struct smb_passwd **psampw);
BOOL change_lanman_password(struct smb_passwd *sampw, unsigned char *pass1, unsigned char *pass2);
BOOL check_oem_password(char *user, unsigned char *data,
struct smb_passwd **psmbpw, char *new_passwd,
struct smb_passwd **psampw, char *new_passwd,
int new_passwd_size);
BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override);
BOOL change_oem_password(struct smb_passwd *sampw, char *new_passwd, BOOL override);
/*The following definitions come from client.c */
@ -1558,6 +1558,18 @@ BOOL pm_process( char *FileName,
BOOL (*sfunc)(char *),
BOOL (*pfunc)(char *, char *) );
/*The following definitions come from passdb.c */
struct smb_passwd *getsampwnam(char *name);
struct smb_passwd *getsampwuid(unsigned int uid);
void *startsampwent(BOOL update);
void endsampwent(void *vp);
struct smb_passwd *getsampwent(void *vp);
unsigned long getsampwpos(void *vp);
BOOL setsampwpos(void *vp, unsigned long tok);
BOOL add_sampwd_entry(struct smb_passwd *newpwd);
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override);
/*The following definitions come from password.c */
void generate_next_challenge(char *challenge);

View File

@ -201,7 +201,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n",
strcpy(reply_name,"\\\\"); /* Here it wants \\LOGONSERVER. */
strcpy(reply_name+2,my_name);
smb_pass = getsmbpwnam(ascuser);
smb_pass = getsampwnam(ascuser);
if(!smb_pass )
{

View File

@ -475,7 +475,7 @@ static void ldap_get_machine(LDAP *ldap_struct,LDAPMessage *entry,
/*******************************************************************
find a user or a machine return a smbpass struct.
******************************************************************/
struct smb_passwd *ldap_get_smbpwd_entry(char *name, int smb_userid)
static struct smb_passwd *ldap_get_smbpwd_entry(char *name, int smb_userid)
{
LDAP *ldap_struct;
LDAPMessage *result;
@ -560,4 +560,24 @@ struct smb_passwd *ldap_get_smbpwd_entry(char *name, int smb_userid)
return(&ldap_passwd);
}
/************************************************************************
Routine to search ldap passwd by name.
*************************************************************************/
struct smb_passwd *getldappwnam(char *name)
{
return ldap_get_smbpwd_entry(name, 0);
}
/************************************************************************
Routine to search ldap passwd by uid.
*************************************************************************/
struct smb_passwd *getldappwuid(unsigned int uid)
{
return ldap_get_smbpwd_entry(NULL, uid);
}
#endif

149
source/passdb/passdb.c Normal file
View File

@ -0,0 +1,149 @@
/*
Unix SMB/Netbios implementation.
Version 1.9.
Password and authentication handling
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Luke Kenneth Casson Leighton 1996-1998
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "includes.h"
extern int DEBUGLEVEL;
/************************************************************************
Routine to search sam passwd by name.
*************************************************************************/
struct smb_passwd *getsampwnam(char *name)
{
#ifdef USE_LDAP
return getldappwnam(name);
#else
return getsmbpwnam(name);
#endif /* USE_LDAP */
}
/************************************************************************
Routine to search sam passwd by uid.
*************************************************************************/
struct smb_passwd *getsampwuid(unsigned int uid)
{
#ifdef USE_LDAP
return getldappwuid(uid);
#else
return getsmbpwuid(uid);
#endif /* USE_LDAP */
}
/***************************************************************
Start to enumerate the sam passwd list. Returns a void pointer
to ensure no modification outside this module.
****************************************************************/
void *startsampwent(BOOL update)
{
#ifdef USE_LDAP
return startldappwent(update);
#else
return startsmbpwent(update);
#endif /* USE_LDAP */
}
/***************************************************************
End enumeration of the sam passwd list.
****************************************************************/
void endsampwent(void *vp)
{
#ifdef USE_LDAP
endldappwent(vp);
#else
endsmbpwent(vp);
#endif /* USE_LDAP */
}
/*************************************************************************
Routine to return the next entry in the sam passwd list.
*************************************************************************/
struct smb_passwd *getsampwent(void *vp)
{
#ifdef USE_LDAP
return getldappwent(vp);
#else
return getsmbpwent(vp);
#endif /* USE_LDAP */
}
/*************************************************************************
Return the current position in the sam passwd list as an unsigned long.
This must be treated as an opaque token.
*************************************************************************/
unsigned long getsampwpos(void *vp)
{
#ifdef USE_LDAP
return getldappwpos(vp);
#else
return getsmbpwpos(vp);
#endif /* USE_LDAP */
}
/*************************************************************************
Set the current position in the sam passwd list from unsigned long.
This must be treated as an opaque token.
*************************************************************************/
BOOL setsampwpos(void *vp, unsigned long tok)
{
#ifdef USE_LDAP
return setldappwpos(vp, tok);
#else
return setsmbpwpos(vp, tok);
#endif /* USE_LDAP */
}
/************************************************************************
Routine to add an entry to the sam passwd file.
*************************************************************************/
BOOL add_sampwd_entry(struct smb_passwd *newpwd)
{
#ifdef USE_LDAP
return add_ldappwd_entry(newpwd);
#else
return add_smbpwd_entry(newpwd);
#endif /* USE_LDAP */
}
/************************************************************************
Routine to search the sam passwd file for an entry matching the username.
and then modify its password entry. We can't use the startsampwent()/
getsampwent()/endsampwent() interfaces here as we depend on looking
in the actual file to decide how much room we have to write data.
override = False, normal
override = True, override XXXXXXXX'd out password or NO PASS
************************************************************************/
BOOL mod_sampwd_entry(struct smb_passwd* pwd, BOOL override)
{
#ifdef USE_LDAP
return mod_ldappwd_entry(pwd, override);
#else
return mod_smbpwd_entry(pwd, override);
#endif /* USE_LDAP */
}

View File

@ -17,6 +17,17 @@
* Mass Ave, Cambridge, MA 02139, USA.
*/
/*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
DO NOT CALL ANY OF THE ROUTINES IN THIS MODULE DIRECTLY.
USE passdb.c INSTEAD.
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*
*X*X*X*X*X*X*X**X*X*X*X*X*X*X**X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*X*/
#include "includes.h"
extern int DEBUGLEVEL;
@ -112,7 +123,10 @@ static BOOL pw_file_unlock(int fd, int *plock_depth)
/***************************************************************
Start to enumerate the smbpasswd list. Returns a void pointer
to ensure no modification outside this module.
****************************************************************/
do not call this function directly. use passdb.c instead.
****************************************************************/
void *startsmbpwent(BOOL update)
{
@ -192,6 +206,9 @@ static int gethexpwd(char *p, char *pwd)
/*************************************************************************
Routine to return the next entry in the smbpasswd list.
do not call this function directly. use passdb.c instead.
*************************************************************************/
struct smb_passwd *getsmbpwent(void *vp)
@ -482,8 +499,10 @@ struct smb_passwd *getsmbpwent(void *vp)
/*************************************************************************
Return the current position in the smbpasswd list as an unsigned long.
This must be treated as an opaque token.
*************************************************************************/
do not call this function directly. use passdb.c instead.
*************************************************************************/
unsigned long getsmbpwpos(void *vp)
{
return (unsigned long)ftell((FILE *)vp);
@ -492,8 +511,10 @@ unsigned long getsmbpwpos(void *vp)
/*************************************************************************
Set the current position in the smbpasswd list from unsigned long.
This must be treated as an opaque token.
*************************************************************************/
do not call this function directly. use passdb.c instead.
*************************************************************************/
BOOL setsmbpwpos(void *vp, unsigned long tok)
{
return !fseek((FILE *)vp, tok, SEEK_SET);
@ -503,7 +524,6 @@ BOOL setsmbpwpos(void *vp, unsigned long tok)
Routine to search the smbpasswd file for an entry matching the username
or user id. if the name is NULL, then the smb_uid is used instead.
*************************************************************************/
static struct smb_passwd *get_smbpwd_entry(char *name, int smb_userid)
{
struct smb_passwd *pwd = NULL;
@ -549,31 +569,25 @@ static struct smb_passwd *get_smbpwd_entry(char *name, int smb_userid)
}
/************************************************************************
Routine to search smbpasswd by name.
Routine to search smb passwd by name.
*************************************************************************/
struct smb_passwd *getsmbpwnam(char *name)
{
#ifdef USE_LDAP
return ldap_get_smbpwd_entry(name, 0);
#else /* USE_LDAP */
return get_smbpwd_entry(name, 0);
#endif /* USE_LDAP */
}
/************************************************************************
Routine to search smbpasswd by uid.
Routine to search smb passwd by uid.
*************************************************************************/
struct smb_passwd *getsmbpwuid(unsigned int uid)
{
#ifdef USE_LDAP
return ldap_get_smbpwd_entry(NULL, uid);
#else /* USE_DLAP */
return get_smbpwd_entry(NULL, uid);
#endif /* USE_LDAP */
}
/**********************************************************
Encode the account control bits into a string.
**********************************************************/
@ -585,24 +599,15 @@ char *encode_acct_ctrl(uint16 acct_ctrl)
*p++ = '[';
if(acct_ctrl & ACB_HOMDIRREQ)
*p++ = 'H';
if(acct_ctrl & ACB_TEMPDUP)
*p++ = 'T';
if(acct_ctrl & ACB_NORMAL)
*p++ = 'U';
if(acct_ctrl & ACB_MNS)
*p++ = 'M';
if(acct_ctrl & ACB_WSTRUST)
*p++ = 'W';
if(acct_ctrl & ACB_SVRTRUST)
*p++ = 'S';
if(acct_ctrl & ACB_AUTOLOCK)
*p++ = 'L';
if(acct_ctrl & ACB_PWNOEXP)
*p++ = 'X';
if(acct_ctrl & ACB_DOMTRUST)
*p++ = 'I';
if (acct_ctrl & ACB_HOMDIRREQ) *p++ = 'H';
if (acct_ctrl & ACB_TEMPDUP ) *p++ = 'T';
if (acct_ctrl & ACB_NORMAL ) *p++ = 'U';
if (acct_ctrl & ACB_MNS ) *p++ = 'M';
if (acct_ctrl & ACB_WSTRUST ) *p++ = 'W';
if (acct_ctrl & ACB_SVRTRUST ) *p++ = 'S';
if (acct_ctrl & ACB_AUTOLOCK ) *p++ = 'L';
if (acct_ctrl & ACB_PWNOEXP ) *p++ = 'X';
if (acct_ctrl & ACB_DOMTRUST ) *p++ = 'I';
*p++ = ']';
*p = '\0';
@ -611,6 +616,9 @@ char *encode_acct_ctrl(uint16 acct_ctrl)
/************************************************************************
Routine to add an entry to the smbpasswd file.
do not call this function directly. use passdb.c instead.
*************************************************************************/
BOOL add_smbpwd_entry(struct smb_passwd *newpwd)
@ -742,6 +750,9 @@ Error was %s. Password file may be corrupt ! Please examine by hand !\n",
in the actual file to decide how much room we have to write data.
override = False, normal
override = True, override XXXXXXXX'd out password or NO PASS
do not call this function directly. use passdb.c instead.
************************************************************************/
BOOL mod_smbpwd_entry(struct smb_passwd* pwd, BOOL override)

View File

@ -237,7 +237,7 @@ static BOOL get_md4pw(char *md4pw, char *mach_name, char *mach_acct)
}
become_root(True);
smb_pass = getsmbpwnam(mach_acct);
smb_pass = getsampwnam(mach_acct);
unbecome_root(True);
if (smb_pass != NULL)
@ -377,48 +377,50 @@ static void api_net_srv_pwset( int uid,
/* checks and updates credentials. creates reply credentials */
if (deal_with_creds(vuser->dc.sess_key, &(vuser->dc.clnt_cred),
&(q_a.clnt_id.cred), &srv_cred))
&(q_a.clnt_id.cred), &srv_cred))
{
memcpy(&(vuser->dc.srv_cred), &(vuser->dc.clnt_cred), sizeof(vuser->dc.clnt_cred));
DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
pstrcpy(mach_acct, unistrn2(q_a.clnt_id.login.uni_acct_name.buffer,
q_a.clnt_id.login.uni_acct_name.uni_str_len));
pstrcpy(mach_acct, unistrn2(q_a.clnt_id.login.uni_acct_name.buffer,
q_a.clnt_id.login.uni_acct_name.uni_str_len));
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
DEBUG(3,("Server Password Set Wksta:[%s]\n", mach_acct));
become_root(True);
smb_pass = getsmbpwnam(mach_acct);
unbecome_root(True);
become_root(True);
smb_pass = getsampwnam(mach_acct);
unbecome_root(True);
if (smb_pass != NULL)
{
unsigned char pwd[16];
int i;
unsigned char pwd[16];
int i;
DEBUG(100,("Server password set : new given value was :\n"));
for(i = 0; i < 16; i++)
DEBUG(100,("%02X ", q_a.pwd[i]));
DEBUG(100,("\n"));
DEBUG(100,("Server password set : new given value was :\n"));
for(i = 0; i < 16; i++)
{
DEBUG(100,("%02X ", q_a.pwd[i]));
}
DEBUG(100,("\n"));
cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
cred_hash3( pwd, q_a.pwd, vuser->dc.sess_key, 0);
/* lies! nt and lm passwords are _not_ the same: don't care */
smb_pass->smb_passwd = pwd;
smb_pass->smb_nt_passwd = pwd;
smb_pass->acct_ctrl = ACB_WSTRUST;
/* lies! nt and lm passwords are _not_ the same: don't care */
smb_pass->smb_passwd = pwd;
smb_pass->smb_nt_passwd = pwd;
smb_pass->acct_ctrl = ACB_WSTRUST;
become_root(True);
ret = mod_smbpwd_entry(smb_pass,False);
unbecome_root(True);
become_root(True);
ret = mod_sampwd_entry(smb_pass,False);
unbecome_root(True);
if (ret)
{
/* hooray! */
status = 0x0;
}
}
if (ret)
{
/* hooray! */
status = 0x0;
}
}
DEBUG(5,("api_net_srv_pwset: %d\n", __LINE__));
@ -629,7 +631,7 @@ static void api_net_sam_logon( int uid,
DEBUG(3,("User:[%s]\n", samlogon_user));
become_root(True);
smb_pass = getsmbpwnam(samlogon_user);
smb_pass = getsampwnam(samlogon_user);
unbecome_root(True);
if (smb_pass == NULL)

View File

@ -38,7 +38,7 @@ extern rid_name domain_alias_rids[];
dynamically returns the correct user info..... JRA.
********************************************************************/
static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
static BOOL get_sampwd_entries(SAM_USER_INFO_21 *pw_buf,
int *total_entries, int *num_entries,
int max_num_entries,
uint16 acb_mask)
@ -51,14 +51,14 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
if (pw_buf == NULL) return False;
vp = startsmbpwent(False);
vp = startsampwent(False);
if (!vp)
{
DEBUG(0, ("get_smbpwd_entries: Unable to open SMB password file.\n"));
DEBUG(0, ("get_sampwd_entries: Unable to open SMB password file.\n"));
return False;
}
while (((pwd = getsmbpwent(vp)) != NULL) && (*num_entries) < max_num_entries)
while (((pwd = getsampwent(vp)) != NULL) && (*num_entries) < max_num_entries)
{
int user_name_len = strlen(pwd->smb_name);
make_unistr2(&(pw_buf[(*num_entries)].uni_user_name), pwd->smb_name, user_name_len-1);
@ -75,7 +75,7 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
pw_buf[(*num_entries)].acb_info = (uint16)pwd->acct_ctrl;
DEBUG(5, ("get_smbpwd_entries: idx: %d user %s, uid %d, acb %x",
DEBUG(5, ("get_sampwd_entries: idx: %d user %s, uid %d, acb %x",
(*num_entries), pwd->smb_name, pwd->smb_userid, pwd->acct_ctrl));
if (acb_mask == 0 || IS_BITS_SET_SOME(pwd->acct_ctrl, acb_mask))
@ -91,7 +91,7 @@ static BOOL get_smbpwd_entries(SAM_USER_INFO_21 *pw_buf,
(*total_entries)++;
}
endsmbpwent(vp);
endsampwent(vp);
return (*num_entries) > 0;
}
@ -295,7 +295,7 @@ static void samr_reply_enum_dom_users(SAMR_Q_ENUM_DOM_USERS *q_u,
DEBUG(5,("samr_reply_enum_dom_users: %d\n", __LINE__));
become_root(True);
got_pwds = get_smbpwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask);
got_pwds = get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, q_u->acb_mask);
unbecome_root(True);
make_samr_r_enum_dom_users(&r_e, total_entries,
@ -466,7 +466,7 @@ static void samr_reply_query_dispinfo(SAMR_Q_QUERY_DISPINFO *q_u,
#ifndef USE_LDAP
become_root(True);
got_pwds = get_smbpwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
got_pwds = get_sampwd_entries(pass, &total_entries, &num_entries, MAX_SAM_ENTRIES, 0);
unbecome_root(True);
#endif /* USE_LDAP */
@ -633,7 +633,7 @@ static void samr_reply_lookup_ids(SAMR_Q_LOOKUP_IDS *q_u,
/* find the user account */
become_root(True);
smb_pass = get_smbpwd_entry(user_name, 0);
smb_pass = get_sampwd_entry(user_name, 0);
unbecome_root(True);
if (smb_pass == NULL)
@ -825,7 +825,7 @@ static void samr_reply_open_user(SAMR_Q_OPEN_USER *q_u,
}
become_root(True);
smb_pass = getsmbpwuid(q_u->user_rid);
smb_pass = getsampwuid(q_u->user_rid);
unbecome_root(True);
/* check that the RID exists in our domain. */
@ -896,7 +896,7 @@ static BOOL get_user_info_21(SAM_USER_INFO_21 *id21, uint32 rid)
struct smb_passwd *smb_pass;
become_root(True);
smb_pass = getsmbpwuid(rid);
smb_pass = getsampwuid(rid);
unbecome_root(True);
if (smb_pass == NULL)
@ -1117,7 +1117,7 @@ static void samr_reply_query_usergroups(SAMR_Q_QUERY_USERGROUPS *q_u,
if (status == 0x0)
{
become_root(True);
smb_pass = getsmbpwuid(rid);
smb_pass = getsampwuid(rid);
unbecome_root(True);
if (smb_pass == NULL)
@ -1213,7 +1213,7 @@ static void api_samr_unknown_32( int uid, prs_struct *data, prs_struct *rdata)
q_u.uni_mach_acct.uni_str_len));
become_root(True);
smb_pass = getsmbpwnam(mach_acct);
smb_pass = getsampwnam(mach_acct);
unbecome_root(True);
if (smb_pass != NULL)

View File

@ -406,7 +406,7 @@ uint32 lookup_user_name(uint32 rid, char *user_name, uint32 *type)
/* ok, it's a user. find the user account */
become_root(True);
smb_pass = getsmbpwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
smb_pass = getsampwuid(rid); /* lkclXXXX SHOULD use rid mapping here! */
unbecome_root(True);
if (smb_pass != NULL)
@ -468,7 +468,7 @@ uint32 lookup_user_rid(char *user_name, uint32 *rid)
/* find the user account */
become_root(True);
smb_pass = getsmbpwnam(user_name);
smb_pass = getsampwnam(user_name);
unbecome_root(True);
if (smb_pass != NULL)

View File

@ -440,56 +440,56 @@ BOOL chgpasswd(char *name,char *oldpass,char *newpass, BOOL as_root)
************************************************************/
BOOL check_lanman_password(char *user, unsigned char *pass1,
unsigned char *pass2, struct smb_passwd **psmbpw)
unsigned char *pass2, struct smb_passwd **psampw)
{
unsigned char unenc_new_pw[16];
unsigned char unenc_old_pw[16];
unsigned char null_pw[16];
struct smb_passwd *smbpw;
struct smb_passwd *sampw;
*psmbpw = NULL;
*psampw = NULL;
become_root(0);
smbpw = getsmbpwnam(user);
sampw = getsampwnam(user);
unbecome_root(0);
if(smbpw == NULL)
if(sampw == NULL)
{
DEBUG(0,("check_lanman_password: getsmbpwnam returned NULL\n"));
DEBUG(0,("check_lanman_password: getsampwnam returned NULL\n"));
return False;
}
if(smbpw->acct_ctrl & ACB_DISABLED)
if(sampw->acct_ctrl & ACB_DISABLED)
{
DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
return False;
}
if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
if((sampw->smb_passwd == NULL) && (sampw->acct_ctrl & ACB_PWNOTREQ))
{
unsigned char no_pw[14];
memset(no_pw, '\0', 14);
E_P16((uchar *)no_pw, (uchar *)null_pw);
smbpw->smb_passwd = null_pw;
} else if (smbpw->smb_passwd == NULL) {
sampw->smb_passwd = null_pw;
} else if (sampw->smb_passwd == NULL) {
DEBUG(0,("check_lanman_password: no lanman password !\n"));
return False;
}
/* Get the new lanman hash. */
D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
D_P16(sampw->smb_passwd, pass2, unenc_new_pw);
/* Use this to get the old lanman hash. */
D_P16(unenc_new_pw, pass1, unenc_old_pw);
/* Check that the two old passwords match. */
if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16))
if(memcmp(sampw->smb_passwd, unenc_old_pw, 16))
{
DEBUG(0,("check_lanman_password: old password doesn't match.\n"));
return False;
}
*psmbpw = smbpw;
*psampw = sampw;
return True;
}
@ -499,44 +499,44 @@ BOOL check_lanman_password(char *user, unsigned char *pass1,
no longer be valid.
************************************************************/
BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsigned char *pass2)
BOOL change_lanman_password(struct smb_passwd *sampw, unsigned char *pass1, unsigned char *pass2)
{
unsigned char unenc_new_pw[16];
unsigned char null_pw[16];
BOOL ret;
if(smbpw == NULL)
if(sampw == NULL)
{
DEBUG(0,("change_lanman_password: no smb password entry.\n"));
return False;
}
if(smbpw->acct_ctrl & ACB_DISABLED)
if(sampw->acct_ctrl & ACB_DISABLED)
{
DEBUG(0,("change_lanman_password: account %s disabled.\n", smbpw->smb_name));
DEBUG(0,("change_lanman_password: account %s disabled.\n", sampw->smb_name));
return False;
}
if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
if((sampw->smb_passwd == NULL) && (sampw->acct_ctrl & ACB_PWNOTREQ))
{
unsigned char no_pw[14];
memset(no_pw, '\0', 14);
E_P16((uchar *)no_pw, (uchar *)null_pw);
smbpw->smb_passwd = null_pw;
} else if (smbpw->smb_passwd == NULL) {
sampw->smb_passwd = null_pw;
} else if (sampw->smb_passwd == NULL) {
DEBUG(0,("change_lanman_password: no lanman password !\n"));
return False;
}
/* Get the new lanman hash. */
D_P16(smbpw->smb_passwd, pass2, unenc_new_pw);
D_P16(sampw->smb_passwd, pass2, unenc_new_pw);
smbpw->smb_passwd = unenc_new_pw;
smbpw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
sampw->smb_passwd = unenc_new_pw;
sampw->smb_nt_passwd = NULL; /* We lose the NT hash. Sorry. */
/* Now write it into the file. */
become_root(0);
ret = mod_smbpwd_entry(smbpw,False);
ret = mod_sampwd_entry(sampw,False);
unbecome_root(0);
return ret;
@ -547,10 +547,10 @@ BOOL change_lanman_password(struct smb_passwd *smbpw, unsigned char *pass1, unsi
************************************************************/
BOOL check_oem_password(char *user, unsigned char *data,
struct smb_passwd **psmbpw, char *new_passwd,
struct smb_passwd **psampw, char *new_passwd,
int new_passwd_size)
{
struct smb_passwd *smbpw = NULL;
struct smb_passwd *sampw = NULL;
int new_pw_len;
fstring upper_case_new_passwd;
unsigned char new_p16[16];
@ -558,28 +558,28 @@ BOOL check_oem_password(char *user, unsigned char *data,
unsigned char null_pw[16];
become_root(0);
*psmbpw = smbpw = getsmbpwnam(user);
*psampw = sampw = getsampwnam(user);
unbecome_root(0);
if(smbpw == NULL)
if(sampw == NULL)
{
DEBUG(0,("check_oem_password: getsmbpwnam returned NULL\n"));
DEBUG(0,("check_oem_password: getsampwnam returned NULL\n"));
return False;
}
if(smbpw->acct_ctrl & ACB_DISABLED)
if(sampw->acct_ctrl & ACB_DISABLED)
{
DEBUG(0,("check_lanman_password: account %s disabled.\n", user));
return False;
}
if((smbpw->smb_passwd == NULL) && (smbpw->acct_ctrl & ACB_PWNOTREQ))
if((sampw->smb_passwd == NULL) && (sampw->acct_ctrl & ACB_PWNOTREQ))
{
unsigned char no_pw[14];
memset(no_pw, '\0', 14);
E_P16((uchar *)no_pw, (uchar *)null_pw);
smbpw->smb_passwd = null_pw;
} else if (smbpw->smb_passwd == NULL) {
sampw->smb_passwd = null_pw;
} else if (sampw->smb_passwd == NULL) {
DEBUG(0,("check_oem_password: no lanman password !\n"));
return False;
}
@ -587,7 +587,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
/*
* Call the hash function to get the new password.
*/
SamOEMhash( (unsigned char *)data, (unsigned char *)smbpw->smb_passwd, True);
SamOEMhash( (unsigned char *)data, (unsigned char *)sampw->smb_passwd, True);
/*
* The length of the new password is in the last 4 bytes of
@ -619,7 +619,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
*/
D_P16(new_p16, &data[516], unenc_old_pw);
if(memcmp(smbpw->smb_passwd, unenc_old_pw, 16)) {
if(memcmp(sampw->smb_passwd, unenc_old_pw, 16)) {
DEBUG(0,("check_oem_password: old password doesn't match.\n"));
return False;
}
@ -636,7 +636,7 @@ BOOL check_oem_password(char *user, unsigned char *data,
override = True, override XXXXXXXXXX'd password
************************************************************/
BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL override)
BOOL change_oem_password(struct smb_passwd *sampw, char *new_passwd, BOOL override)
{
int ret;
fstring upper_case_new_passwd;
@ -649,14 +649,14 @@ BOOL change_oem_password(struct smb_passwd *smbpw, char *new_passwd, BOOL overri
E_P16((uchar *)upper_case_new_passwd, new_p16);
smbpw->smb_passwd = new_p16;
sampw->smb_passwd = new_p16;
E_md4hash((uchar *) new_passwd, new_nt_p16);
smbpw->smb_nt_passwd = new_nt_p16;
sampw->smb_nt_passwd = new_nt_p16;
/* Now write it into the file. */
become_root(0);
ret = mod_smbpwd_entry(smbpw,override);
ret = mod_sampwd_entry(sampw,override);
unbecome_root(0);
memset(upper_case_new_passwd, '\0', strlen(upper_case_new_passwd));

View File

@ -1649,10 +1649,10 @@ static BOOL api_SetUserPassword(int cnum,uint16 vuid, char *param,char *data,
if(SVAL(*rparam,0) != NERR_Success)
{
struct smb_passwd *smbpw = NULL;
struct smb_passwd *sampw = NULL;
if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &smbpw) &&
change_lanman_password(smbpw,(unsigned char *)pass1,(unsigned char *)pass2))
if(check_lanman_password(user,(unsigned char *)pass1,(unsigned char *)pass2, &sampw) &&
change_lanman_password(sampw,(unsigned char *)pass1,(unsigned char *)pass2))
{
SSVAL(*rparam,0,NERR_Success);
}
@ -1675,7 +1675,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
{
fstring user;
fstring new_passwd;
struct smb_passwd *smbpw = NULL;
struct smb_passwd *sampw = NULL;
char *p = param + 2;
*rparam_len = 2;
@ -1703,7 +1703,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
fstrcpy(user,p);
p = skip_string(p,1);
if(check_oem_password( user, (unsigned char *)data, &smbpw,
if(check_oem_password( user, (unsigned char *)data, &sampw,
new_passwd, (int)sizeof(new_passwd)) == False) {
return True;
}
@ -1720,7 +1720,7 @@ static BOOL api_SamOEMChangePassword(int cnum,uint16 vuid, char *param,char *dat
if(lp_unix_password_sync())
chgpasswd(user,"", new_passwd, True);
if(change_oem_password( smbpw, new_passwd, False)) {
if(change_oem_password( sampw, new_passwd, False)) {
SSVAL(*rparam,0,NERR_Success);
}

View File

@ -429,21 +429,21 @@ update the encrypted smbpasswd file from the plaintext username and password
*****************************************************************************/
BOOL update_smbpassword_file( char *user, fstring password)
{
struct smb_passwd *smbpw;
struct smb_passwd *sampw;
BOOL ret;
become_root(0);
smbpw = getsmbpwnam(user);
sampw = getsampwnam(user);
unbecome_root(0);
if(smbpw == NULL)
if(sampw == NULL)
{
DEBUG(0,("update_smbpassword_file: getsmbpwnam returned NULL\n"));
DEBUG(0,("update_smbpassword_file: getsampwnam returned NULL\n"));
return False;
}
/* Here, the flag is one, because we want to ignore the XXXXXXX'd out password */
ret = change_oem_password( smbpw, password, True);
ret = change_oem_password( sampw, password, True);
if (ret == False)
DEBUG(3,("update_smbpasswd_file: change_oem_password returned False\n"));
@ -1124,7 +1124,7 @@ BOOL password_ok(char *user,char *password, int pwlen, struct passwd *pwd)
return(False);
}
smb_pass = getsmbpwnam(user);
smb_pass = getsampwnam(user);
if (!smb_pass)
{

View File

@ -377,10 +377,10 @@ static int session_trust_account(char *inbuf, char *outbuf, char *user,
char *smb_passwd, int smb_passlen,
char *smb_nt_passwd, int smb_nt_passlen)
{
struct smb_passwd *smb_trust_acct = NULL; /* check if trust account exists */
struct smb_passwd *sam_trust_acct = NULL; /* check if trust account exists */
if (lp_security() == SEC_USER)
{
smb_trust_acct = getsmbpwnam(user);
sam_trust_acct = getsampwnam(user);
}
else
{
@ -389,7 +389,7 @@ static int session_trust_account(char *inbuf, char *outbuf, char *user,
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
}
if (smb_trust_acct == NULL)
if (sam_trust_acct == NULL)
{
/* lkclXXXX: workstation entry doesn't exist */
DEBUG(0,("session_trust_account: Trust account %s user doesn't exist\n",user));
@ -405,28 +405,28 @@ static int session_trust_account(char *inbuf, char *outbuf, char *user,
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
}
if (!smb_password_ok(smb_trust_acct, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd))
if (!smb_password_ok(sam_trust_acct, (unsigned char *)smb_passwd, (unsigned char *)smb_nt_passwd))
{
DEBUG(0,("session_trust_account: Trust Account %s - password failed\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, 0xc0000000|NT_STATUS_LOGON_FAILURE));
}
if (IS_BITS_SET_ALL(smb_trust_acct->acct_ctrl, ACB_DOMTRUST))
if (IS_BITS_SET_ALL(sam_trust_acct->acct_ctrl, ACB_DOMTRUST))
{
DEBUG(0,("session_trust_account: Domain trust account %s denied by server\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, 0xc0000000|NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT));
}
if (IS_BITS_SET_ALL(smb_trust_acct->acct_ctrl, ACB_SVRTRUST))
if (IS_BITS_SET_ALL(sam_trust_acct->acct_ctrl, ACB_SVRTRUST))
{
DEBUG(0,("session_trust_account: Server trust account %s denied by server\n",user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);
return(ERROR(0, 0xc0000000|NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT));
}
if (IS_BITS_SET_ALL(smb_trust_acct->acct_ctrl, ACB_WSTRUST))
if (IS_BITS_SET_ALL(sam_trust_acct->acct_ctrl, ACB_WSTRUST))
{
DEBUG(4,("session_trust_account: Wksta trust account %s denied by server\n", user));
SSVAL(outbuf, smb_flg2, FLAGS2_32_BIT_ERROR_CODES);